Archive for cPanel

cPanel & WHM software version 11.40 will reach End of Life at the end of October 2014. In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.40 will continue functioning on servers after reaching EOL. However, no further updates, such as security fixes and installations, will be provided for 11.40 once it …

Bash CVE-2014-6217 and CVE-2014-7169 CVE-2014-6217 is a critical vulnerability in all versions of GNU Bash, the Bourne Again Shell.This vulnerability allows an attacker to execute arbitrary shell commands any time a Bash shell executes with environmental variables supplied by the attacker. On cPanel & WHM systems, there are numerous entry …

SUMMARY cPanel, Inc. has released EasyApache 3.26.4 with mod_perl version 2.0.8. This release fixes bugs related to vulnerability CVE-2013-1667 in the mod_perl2 Apache test suite. AFFECTED VERSIONS All versions of Perl 5.8.2 through 5.16.x SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs: …

cPanel TSR-2014-0006 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact …

cPanel & WHM software version 11.40 will reach End of Life at the end of October 2014. In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.40 will continue functioning on servers after reaching EOL. However, no further updates, such as security fixes and installations, will be provided for 11.40 once it …

You may have noticed an addition to the Update Company Information page, located under the Company tab in Manage2. It now includes a Purchase WHMCS Url or email address field. This field allows you to determine the visibility and functionality of WHMCS promotion to your customers. You can take one …

SUMMARY cPanel, Inc. has released EasyApache 3.26.3 with PHP version 5.5.15, Libxslt version 1.1.28 and Libxml2 version 2.9.1. This release addresses PHP vulnerability CVE-2014-4670 by fixing a bug in the SPL component, CVE-2012-6139 by fixing a bug in Libxslt, and fixes bugs in Libxml2 to address the following CVEs: CVE-2012-5134, …

SUMMARY cPanel, Inc. has released EasyApache 3.26.2 with Apache version 2.4.10. This release addresses Apache vulnerabilities CVE-2014-0117, CVE-2014-0226, CVE-2014-0118, and CVE-2014-0231 by fixing bugs in the mod_proxy, mod_deflate, and mod_cgid modules. We encourage all Apache 2.4 users to upgrade to Apache version 2.4.10. AFFECTED VERSIONS All versions of Apache 2.4 …

cPanel TSR-2014-0005 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact …

We are happy to announce the release of EasyApache 3.26 for cPanel & WHM. EasyApache 3.26 features a redesigned profile page that is easier to use and more informative. EasyApache’s redesigned profile page includes cPanel & WHM’s new Optimal Profiles. The new Optimal Profiles include the recommended versions of PHP …

SUMMARY cPanel, Inc. has released EasyApache 3.24.22 with PHP 5.4.30 and 5.5.14. This release addresses multiple PHP vulnerabilities in the PHP core code and the Fileinfo, Network, and SPL modules. We encourage all PHP users to upgrade to PHP 5.4.30 and PHP 5.5.14. AFFECTED VERSIONS All versions of PHP 5.4 …

You may have noticed an addition to the Update Company Information page, located under the Company tab in Manage2. It now includes a Purchase CloudLinux Url or email address field. This field allows you to determine the visibility and functionality of EasyApache’s Upgrade to CloudLinux button. You can take one …

SUMMARY cPanel, Inc. has released EasyApache 3.24.19 with PHP versions 5.5.13 and 5.4.29. This release addresses the PHP vulnerabilities CVE-2014-0237 and CVE-2014-0238 with fixes to bugs in the fileinfo extension. We encourage all PHP users to upgrade to PHP version 5.5.13 or PHP version 5.4.29. AFFECTED VERSIONS All versions of …

6/3/2014 Houston, TX – cPanel, Inc. is thrilled to release cPanel & WHM software version 11.44, which is now available in the CURRENT tier. cPanel & WHM 11.44 offers a transfer and restore renovation, configuration clusters, a new edition of Paper Lantern, support access, and more. Transfer & Restore Renovation …

TSR-2014-0004 Full Disclosure Case 78301 Summary Correct patch for CVE-2002-1575 in cgiemail. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description cPanel & WHM includes a copy of Bruce Lewis’ cgiemail version 1.6. This version of cgiemail was vulnerable to CVE-2002-1575, allowing remote unauthenticated attackers …

TSR-2014-0004 cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact levels ranging …

SUMMARY cPanel, Inc. has released EasyApache 3.24.18 with PHP versions 5.5.12 and 5.4.28. This release addresses the PHP vulnerability CVE-2014-0185 with the fix to a bug in the FPM package. We encourage all PHP users to upgrade to PHP version 5.5.12 or PHP version 5.4.28. AFFECTED VERSIONS All versions of …

cPanel & WHM software version 11.38 has reached End of Life. In accordance with our EOL policy [http://go.cpanel.net/longtermsupport],11.38 will continue functioning on servers. The last release of cPanel & WHM 11.38, 11.38.2.23, will remain on our mirrors indefinitely. You may continue using this last release, but no further updates, such …

cPanel Security Team: Heartbleed Vulnerability Heartbleed is a serious vulnerability in OpenSSL 1.0.1 through 1.0.1f. This vulnerability allows an attacker to read 64 kilobyte chunks of memory from from servers and clients that connect using SSL through a flaw in the OpenSSL’s implementation of the heartbeat extension. What does this …

SUMMARY cPanel, Inc. has released EasyApache 3.24.15 with FCGI version 2.3.9 and PHP versions 5.5.10 and 5.4.27. This release addresses the FCGI vulnerability CVE-2013-4365 with fixes to a possible heap buffer overwrite issue, and the PHP vulnerability CVE-2013-7345 with fixes to bugs in the fileinfo module. We encourage all FCGI …

The end of Microsoft® FrontPage® Extensions installations on cPanel & WHM servers is quickly approaching. FrontPage support has already been removed in EasyApache version 3.24.1 and up and cPanel & WHM will be FrontPage-free by version 11.46, which is currently slated for a Fall 2014 release. cPanel & WHM version 11.44 (scheduled for a …

cPanel & WHM software version 11.38 will reach End of Life at the end of April 2014. In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.38 will continue functioning on servers after reaching EOL. However, no further updates, such as security fixes and installations, will be provided for 11.38 once it …

SUMMARY cPanel, Inc. has released EasyApache 3.24.14 with Apache version 2.2.27. This release addresses Apache vulnerabilities CVE-2014-0098 and CVE-2013-6438, by fixing bugs in the mod_log_config and mod_dav modules. We encourage all Apache users to upgrade to Apache version 2.2.27. AFFECTED VERSIONS All versions of Apache version 2.2 before 2.2.27. SECURITY …

cPanel TSR-2014-0003 Notice of Delay in Disclosure Based on customer feedback, cPanel is extending the time frame between our initial announcement of a Targeted Security Release (TSR) and the disclosure of full details about the contents of the TSR to one week. This change will apply to TSR-2014-0003 and all …

cPanel TSR-2014-0003 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact …

SUMMARY cPanel, Inc. has released EasyApache 3.24.13 with Apache version 2.4.9. This release addresses Apache vulnerabilities CVE-2014-0098 and CVE-2013-6438, by fixing bugs in the mod_log_config and mod_dav modules. We encourage all Apache users to upgrade to Apache version 2.4.9. AFFECTED VERSIONS All versions of Apache version 2.4 before 2.4.9. SECURITY …

3/17/2014 Houston, TX – cPanel, Inc. is thrilled to release cPanel & WHM software version 11.42, which is now available in the STABLE tier. cPanel & WHM version 11.42 offers a brand new theme, an upgrade to Horde Groupware Webmail, and more. Paper Lantern Theme As part of 11.42, cPanel …